Clickjacking (also known as user-interface or UI redressing and IFRAME overlay) is an exploit in which malicious code is hidden beneath apparently legitimate buttons or other clickable content on a website.
Example: A visitor to a site thinks he is clicking on a button to close a window; instead, the action of clicking the “X” button prompts the computer to download a Trojan Horse, transfer money from a bank account or turn on the computer’s built-in microphone. The host website may be a legitimate site that's been hacked or a spoofed version of some well-known site. The attacker tricks users into visiting the site through links online or in email messages.
Suppose I am using an iframe in my page for some reason. I want to secure it so that no one can use the clickjacking technique to load their own content instead of mine.
Suppose the iframe in my design has the id ifShow. Then copy and paste the code below to prevent clickjacking on the site.
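<script type="text/javascript">
// Frame-busting check: if this page is not the top-level window, or the
// iframe "ifShow" points at another host, navigate the top window to this page.
function Check() {
    try {
        // The page has been loaded inside another frame.
        if (window.top !== window.self) {
            window.top.location = window.self.location;
            return;
        }
        // Reading top.location.host throws for a cross-origin parent;
        // the catch block below handles that case.
        if (window.top.location.host != window.self.location.host) {
            window.top.location = window.self.location;
            return;
        }
        // Skip the iframe check until the element exists, so that a missing
        // element does not fall into the catch block and reload the page.
        var frame = document.getElementById('ifShow');
        if (!frame) { return; }
        // The host part of the iframe's src must match this page's host.
        var domain = frame.src.replace('http://', '').replace('https://', '').split(/[/?#]/)[0];
        if (window.self.location.host != domain) {
            window.top.location = window.self.location;
            return;
        }
    }
    catch (ex) {
        window.top.location = window.self.location; /* everyone else */
    }
}
// Re-run the check every second, and once immediately.
setInterval(Check, 1000);
Check();
</script>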
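A script check like the one above only helps when the browser lets it run and navigate the top window, so it is normally paired with response headers that tell the browser which origins may frame the page. The following is an added example, not code from the original post; it goes beyond the script to the server side, and the function names and the `https://partner.example` origin are assumptions made for illustration.

```javascript
// Added example (hypothetical helper names): build anti-framing response headers.

// Return `csp` with its frame-ancestors directive set to `ancestors`,
// replacing an existing frame-ancestors directive and keeping the others.
function withFrameAncestors(csp, ancestors) {
  const kept = (csp || '')
    .split(';')
    .map((d) => d.trim())
    .filter((d) => d && !/^frame-ancestors(\s|$)/i.test(d));
  kept.push('frame-ancestors ' + ancestors.join(' '));
  return kept.join('; ');
}

// ancestors: CSP source list, e.g. ["'none'"], ["'self'"] or
// ["'self'", 'https://partner.example'] (constructed sample origin).
function antiFramingHeaders(ancestors, existingCsp) {
  if (!Array.isArray(ancestors) || ancestors.length === 0) {
    throw new Error('ancestors must be a non-empty array');
  }
  const headers = {
    'Content-Security-Policy': withFrameAncestors(existingCsp, ancestors),
  };
  // X-Frame-Options is the legacy fallback. It can only express DENY or
  // SAMEORIGIN, so it is sent only when that matches the CSP source list.
  const only = ancestors.length === 1 ? ancestors[0] : null;
  if (only === "'none'") headers['X-Frame-Options'] = 'DENY';
  else if (only === "'self'") headers['X-Frame-Options'] = 'SAMEORIGIN';
  return headers;
}

// Apply the headers to any response object with setHeader(), such as the
// `res` passed to a Node.js http.createServer() request handler.
function setAntiFramingHeaders(res, ancestors, existingCsp) {
  const headers = antiFramingHeaders(ancestors, existingCsp);
  for (const [name, value] of Object.entries(headers)) {
    res.setHeader(name, value);
  }
  return headers;
}
```

For a page that should only ever be framed by its own site, call `setAntiFramingHeaders(res, ["'self'"])` before writing the response body.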